79 matches found
UBUNTU-CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...
CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...
Inflection: Limited arbitrary text inclusion in user invite emails
When creating a GoodHire account, a fairly wide range of ASCII characters are permitted in certain fields like Company Name. This field is included in email templates that are automatically sent to new users when an account owner invites them to join a GoodHire account. Theoretically, spam conten...
CVE-2016-4048
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...
CVE-2016-4048
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected...
Novell Zenworks ChangePassword XPath Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary text files on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChangePassword RPC method. By providing a malformed query, an attacker ca...
CVE-2015-7817
CVE-2015-7817 affects IBM System Networking Switch Center (SNSC) prior to 7.3.1.5 and Lenovo Switch Center prior to 8.1.2.0. A race condition in the administration-panel web service enables remote attackers to obtain privileged-account access, then feed FileReader.jsp input containing directory t...
CVE-2014-0136
The 1 get and 2 log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine CFME 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors...
CVE-2014-0136
The 1 get and 2 log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine CFME 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors...
Cisco Unified Web and E-Mail Interaction Manager Broken Authentication Vulnerability
A vulnerability in Cisco Unified Web and E-Mail Interaction Manager could allow an unauthenticated, remote attacker to capture, forge, or brute force a session identifier transmitted as a parameter in GET requests. The vulnerability is due to improper use of session identifiers in GET requests. A...
HP Release Control - (Authenticated) XML External Entity (Metasploit)
HP Release Control - Authenticated XML External Entity Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This modu...
HP Release Control 9.20.0000 Build 395 XXE
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This module take advantage of three separate vulnerabilities in order to re...
EMC Connectrix Manager Converged Network Edition inmservlets.war Information Disclosure Vulnerability
This vulnerability allows remote attackers to read arbitrary text files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability. The specific flaw exists within one of the pages served as part of the immservlets...
CVE-2013-5490
Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCud80148...
Xxe
Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCud80148...
CVE-2012-4942
Multiple cross-site scripting XSS vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field...
CVE-2012-2606
The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack...
MyST BlogSite URL Redirect / Information Leakage
=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION -- Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link:...
Claroline 1.8.11 Cross Site Scripting
Author: Gerendi Sandor Attila Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html Date: May 05, 2009 Package: Claroline 1.8.11 Product Homepage: http://www.claroline.net/ Versions Affected: v.1.8.11 Other versions may also be affected Severity: Medium...